Field of the invention

The present invention relates to protection of commercial software supplied through a communication link or the like, and particularly, to protection of such software against unauthorised use.



Background of the invention 

Conventionally, software protection methods for protecting commercial software products such as programs and multimedia software supplied through a communication link, such as a telephone line by means of a modem, require a user computer to install a hardware means which comprises, for instance, decryption keys and system therein, to be authenticated by software running thereon. Hardware means, rather than software means, are being used because software duplication facilities are commonly found in personal computers. However, this is extremely cumbersome and places a large burden on users and vendors alike.

It is therefore an object of the present invention to provide a software means to replace the above-mentioned hardware means and which would not be copied by its rightful user to someone else.

It - is therefore anoth c r^b ject-eiHfoe-^^ 
detering unauthorised co pying or nsft of thr ffpfn"?"* rn ^ a ^ g - 



Summary of the invention 

According to a first embodiment of the present invention, there is provided a central program comprising 1) a program for providing an Encrypted Identity (hereinbelow referred to as EI program), 2) a program for enabling software (hereinbelow referred to as ES program), 3) a program for authenticating computer (hereinbelow referred to as AC program).

The central program is for managing the use of the individual programs therein so that the ES program can be protected from being accessed by the user directly, thereby preventing it from being copied individually. The EI program is for providing an encrypted identity of a user for accessing a network central computer to obtain services or software products or the like, in which a secure operation of a user account for payment therefor is involved. The AC program is for authenticating the computer on which it runs by determining its hardware and software configuration by software means and comparing the result with that required. The ES program is for using the authentication result of the AC program and the presence of the EI program as a precondition for enabling the software obtained to run on a computer.

It should be noted that in the central program, the ES program is the one which needs protection most, and according to the present invention, the protection of the ES program from unauthorised copying by its rightful user to someone else lies in the fact that a user would not copy a program (i.e., the EI program) which can provide the user's encrypted identity for using the rightful user's account in obtaining, e.g., network services or software products. This is seen from the use of automatic teller machine (ATM) magnetic cards, which, although they can readily be forged, have proved to be remarkably secure.

According to a second embodiment of the present invention, the central program comprising only the EI program and the ES program enables software only when the EI program is present on the same computer, which is determined by receiving an encrypted identity of the EI program from the same.

According to the third embodiment, the EI and ES programs are basically equivalent such that copying the ES program by its rightful user to someone else is equivalent to copying the EI program, thereby preventing the ES program from unauthorised copying or use.
Brief description of drawings

FIG. 1 is a block diagram of the central program.

FIG. 2 is a diagrammatic view of a program, in which a part B thereof is encrypted, in RAM space.



Detailed description of the preferred embodiments

The present invention is directed to protecting software supplied through a communication link, and for the sake of simplicity, the following description is directed to protection of such software in an IBM PC computer. The present invention will be described under the following headings:

1) The Central Program.

2) The Program for providing Encrypted Identity (EI program).

3) The Program for enabling software (ES program).

4) The Program for authenticating computer (AC program).

5) Other Embodiments.



1) The Central Program. 

According to the first embodiment, there is provided a central program which is an executable program and can be caused to execute by a user by entering its filename in the DOS environment. Refer to FIG. 1, which is a block diagram of the central program.

When a user desires to access a network central computer through a communication link, the user has first to cause it to be executed. It will request the user to enter a password and, if this coincides with that required, it will send an identity of the user to the central computer.

This requirement of user password is necessary to prevent someone from accessing the central computer and using the account of the rightful user without his authorisation.

Then the central program causes the EI program to execute for providing an encrypted identity of the user; that encrypted identity will be sent to the central computer. The central computer will permit the access request from the user if the unencrypted and encrypted identities are consistent with each other.

When a running program desires to execute the ES program, to enable its operation or for it to continue to run, it first prepares an input parameter indicating such a request and stores the input parameter in a predetermined location in RAM, then, through the use of a PC DOS service for that purpose, causes the central program to be downloaded from a permanent storage, e.g. harddisk, of the computer to RAM and be executed. The central program will first access the input parameter in the predetermined location, and from it the central program can determine that the running program requests an enable signal from the ES program, and will then cause the ES program to execute.

For the case where the central program is caused by the user to be executed, there will be no input parameter and the central program can thus know this fact.



2) The Program for providing Encrypted Identity (EI program).

This program borrows the technique used in IC credit cards, in which an encrypted identity is generated.

When it starts, the EI program sends an access request to a central computer, which in return will send back a random number. The EI program then encrypts the random number with a predetermined algorithm A1 and sends the result to the central computer, which will permit access if the result is identical with the result it obtained by performing the same encryption on that random number.

It should be noted that for each user, there is a corresponding respective encryption algorithm A1 for identification of each of them, and also that the central computer may use the encryption result, if being correct, from the EI program as a user authorisation for payment to be made from a user account for obtaining network services or software products or the like.

3) The Program for enabling software (ES program).

According to the present invention, there are 2 approaches for enabling software:

i) by sending an encrypted command to a running software for enabling operation of the same on the computer, in the manner mentioned in item 2. Specifically, the running software includes in the input parameter, as mentioned above in item 1, a random number it generated. The ES program in return sends the result it obtained by performing a predetermined encryption algorithm A2 on that random number to the running software, which will compare it with the result it obtained by performing the same encryption on that random number.

It should be noted that for each user, each one of the software products for use on his/her computer(s) uses a same respective encryption algorithm A2, and the encryption algorithm A2 is included into each such one by the central computer at the time when the central computer is to supply the same to the user computer.

ii) by decrypting an encrypted part of a software or an encrypted software.

It should be noted that if the software is a program, then it will be sufficient to have a part thereof encrypted for preventing unauthorised copying and use; however, if the software is an audio/visual multimedia data file, it will be more desirable to have the whole software encrypted.

The decryption of a part of or an entire software takes place on a temporary copy of it in RAM. Given by example only, FIG. 2 is a diagrammatic view of a program in RAM space, with a part B thereof being encrypted. As seen, the ES program decrypts part B and stores the result, which size should be not equivalent to that of the encrypted part, in 'part B decrypted'.
The ES program then overwrites at the first location of 'part B encrypted' an instruction 'JUMP TO part B decrypted' and at the end of 'part B decrypted' appends an instruction 'JUMP TO part C'. In this way, the encrypted part of the software will not be executed and its decrypted part will be executed instead.

In the case of audio/visual multimedia software, the software will be decrypted a small part by a small part, and each small part is decrypted at the time it is about to be utilized by an audio/visual program for causing audio/visual effect. In other words, that audio/visual program has to cause the ES program to be executed in the manner as described above in item 1 every time it wants a decryption of a small part. Besides, a newly decrypted small part will overwrite a previous decrypted one so that a whole copy of the decrypted software will not exist in RAM.
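
The FIG. 2 mechanism modelled on a toy machine, as an added example that is not part of the original document: the ES program decrypts part B into free RAM and patches the two JUMP instructions so the encrypted cells are never executed. The opcodes, the XOR cipher, the key and all function names are assumptions made for illustration.

```python
EMIT, JUMP, HALT = 0x01, 0x02, 0x00  # hypothetical opcodes of a toy machine


def ins(op: int, arg: int = 0) -> int:
    """Encode one 16-bit cell: opcode in the high byte, operand in the low byte."""
    return (op << 8) | arg


def xor_cells(cells, key):
    """Toy cipher (assumption): XOR each cell with a repeating 16-bit key.

    It keeps the size of part B unchanged, a simplification of the text.
    """
    return [c ^ key[i % len(key)] for i, c in enumerate(cells)]


def build_image(key):
    """Program as supplied: part A, encrypted part B, part C (FIG. 2 layout)."""
    part_a = [ins(EMIT, 1), ins(EMIT, 2)]
    part_b = [ins(EMIT, 3), ins(EMIT, 4), ins(EMIT, 5)]
    part_c = [ins(EMIT, 6), ins(HALT)]
    b_start = len(part_a)
    c_start = b_start + len(part_b)
    return part_a + xor_cells(part_b, key) + part_c, b_start, c_start


def es_enable(image, b_start, c_start, key):
    """ES program working on the temporary copy of the program in RAM."""
    ram = list(image)
    dec_start = len(ram)                             # free RAM past the image
    ram += xor_cells(image[b_start:c_start], key)    # 'part B decrypted'
    ram.append(ins(JUMP, c_start))                   # appended 'JUMP TO part C'
    ram[b_start] = ins(JUMP, dec_start)              # first cell of 'part B encrypted'
    return ram


def run(ram, max_steps=100):
    """Execute from cell 0; return the emitted values or raise on a bad opcode."""
    out, pc = [], 0
    for _ in range(max_steps):
        op, arg = ram[pc] >> 8, ram[pc] & 0xFF
        if op == HALT:
            return out
        if op == EMIT:
            out.append(arg)
            pc += 1
        elif op == JUMP:
            pc = arg
        else:
            raise ValueError(f"invalid opcode {op:#04x} at cell {pc}")
    raise RuntimeError("step limit reached")


KEY = [0x5A3C, 0xA5C3, 0x1F77]  # constructed key
```

Running the image without es_enable, or with a wrong key, stops on an invalid opcode at part B; with the right key the output is the full sequence from parts A, B and C.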



4) The Program for authenticating computer (AC program).

One object of this program is to prevent the central program from being used if it is a copy made by someone other than the rightful user, of which the rightful user is unaware, so that a rightful user need not guard his computer containing the central program from reach of someone else.

When the central program is installed in a harddisk of a user computer and executed, it will check an encrypted status information in it, from which it knows this is the first time it is being executed, and will cause an initialization process to take place. In the initialization process, the central program sends to a central computer an unencrypted identity of the user, then the AC program requests an encrypted command from a central computer, which will provide such an encrypted command, in the manner as described hereinabove in item 3i, if the user has a valid account or the account is not closed.

After authenticating the command, the AC program determines the hardware and software configuration of the user computer, which includes, e.g., running speed determination, which is a function of CPU frequency, cache memory size etc.; number and identities of peripherals such as mouse, printer, joystick, harddisk and/or floppy disk drive etc.; characteristics of hardware such as number of heads, cylinders, sectors of harddisk and locations of bad sectors therein; version number of operating system software and physical position of a particular software, including the central program, in the harddisk; by skills well known to those in the art. For instance, the running speed can be determined by causing the computer to execute a test program and initializing a hardware counter to measure the time the computer has taken to finish the program. For another instance, the version number of the operating system may be determined by using a particular DOS service.

The result of the determination and a status information of being initialized are stored by the AC program in a predetermined part of the central program in the form of encrypted data. Thereafter, every time the central program is executed, it will first check the status information and, after confirming that it has been initialized, it will perform a job as requested, referred to in item 1, and in addition thereto, it will also automatically cause the AC program to execute, which will determine at least a part of the above hardware and software configuration of the computer at a time, and the AC program will encrypt an indication in another predetermined part of the central program for causing the ES program not to operate, if any of the configuration determined is not identical to that it encrypted and stored previously.

In addition thereto, the AC program will also reset the encrypted status information so that another initialization process will automatically take place if the user causes the central program to be executed, for which another encrypted command from the central computer will be required.

This prevents a user from deliberately adapting the program to another user's computer after closing his account.
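
The AC program's initialise, check and reset cycle, as an added example that is not code from the original document. A keyed MAC per configuration item stands in for "stored in the form of encrypted data"; the class, the field names and the sample configurations are assumptions and are constructed for illustration.

```python
import hashlib
import hmac


def seal(key: bytes, name: str, value) -> bytes:
    """Stand-in for the encrypted stored result (assumption: HMAC-SHA256 per item)."""
    return hmac.new(key, f"{name}={value}".encode(), hashlib.sha256).digest()


class CentralProgramState:
    def __init__(self, key: bytes):
        self.key = key
        self.initialized = False    # the status information
        self.sealed = {}            # configuration item -> sealed value
        self.es_inhibited = False   # indication that stops the ES program

    def initialize(self, config: dict, command_valid: bool) -> bool:
        """Initialization process; requires a valid encrypted command."""
        if not command_valid:
            return False
        self.sealed = {n: seal(self.key, n, v) for n, v in config.items()}
        self.initialized, self.es_inhibited = True, False
        return True

    def check(self, config: dict, items) -> bool:
        """Per-run AC check of at least a part of the configuration."""
        if not self.initialized:
            return False
        for name in items:
            now = seal(self.key, name, config.get(name))
            if not hmac.compare_digest(now, self.sealed.get(name, b"")):
                self.es_inhibited = True    # ES program must not operate
                self.initialized = False    # forces a new initialization
                return False
        return True


# Constructed sample configurations: the original computer and a different one.
ORIGINAL = {"disk_heads": 16, "disk_cylinders": 1024, "bad_sectors": "311,4090",
            "dos_version": "5.0"}
OTHER_PC = dict(ORIGINAL, disk_cylinders=820, bad_sectors="77")


def ac_demo() -> dict:
    state = CentralProgramState(b"constructed-key")
    state.initialize(ORIGINAL, command_valid=True)
    same_pc = state.check(ORIGINAL, ["disk_heads", "dos_version"])
    # A run that only checks an item which happens to match still passes.
    partial_pass = state.check(OTHER_PC, ["dos_version"])
    other_pc = state.check(OTHER_PC, ["bad_sectors"])
    reinit = state.initialize(OTHER_PC, command_valid=False)
    return {"same_pc": same_pc, "partial_pass": partial_pass, "other_pc": other_pc,
            "es_inhibited": state.es_inhibited, "initialized": state.initialized,
            "reinit_without_command": reinit}
```

Because only part of the configuration is checked on each run, a mismatch is detected on the run that happens to cover a differing item, after which re-initialization depends on a fresh encrypted command from the central computer.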

In addition, the encrypted command from the central computer may alternatively be supplied to the user via, e.g., a telephone line, and be entered into the user computer by the user. Specifically, to request the encrypted command, the AC program generates a random number which is supplied to the central computer by the user by means of telephone dual tone signals, by entering the random number on a telephone keypad, and after encrypting the random number, the central computer sends the result to the user via the same telephone line by means of a voice synthesizer.



5) Other Embodiments

According to the second embodiment, the ES program is separated from the central program, which comprises the EI and AC programs. The ES program is bound with the EI program by requiring the ES program to operate only when the EI program is present on the same computer. Specifically, the ES program, when running, can cause the EI program to be executed for generating an encrypted identity for the ES program to authenticate. The EI program knows that this is a request for encrypted identity from the ES program, not a request from the user for encrypted identity for accessing a central computer, by the technique of input parameter as mentioned above.

Further, the EI program, before sending the encrypted identity to the ES program, may first check the data integrity of itself by, for instance, a checksum method. Alternatively, it may also be that the ES program performs the checking. And, if the checking result is that some data in the EI program has been altered, then, in the former case, the ES program will be caused to be not operable by the EI program by not sending it an encrypted identity, and in the latter case, the ES program will be caused to be not operable by itself.

According to the third embodiment, the encryption algorithms A1 and A2 that the EI and ES programs use respectively for providing encrypted identity to the central computer and for generating encrypted command to enable running software, are a same algorithm.

Thus, it would be equivalent for a rightful user to copy his EI program to someone else if he copies his ES program to someone else. In this case, a slight modification on the ES program can make it operate in the same manner as the EI program, which involves adding a simple interface program for receiving a random number from a central computer, feeding the random number into the ES program, receiving the encryption result from the ES program and supplying the encryption result to the central computer, and such functions are commonly found in any network interface software.
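
The random-number exchange of items 2 and 3(i), and the third embodiment's point that an ES program sharing the EI algorithm can answer the central computer, as an added example that is not code from the original document. HMAC-SHA256 with a per-user key stands in for the per-user algorithms A1 and A2, and every class, function and user name is an assumption.

```python
import hashlib
import hmac
import secrets


def a_user(key: bytes, random_number: bytes) -> bytes:
    """Stand-in for the per-user algorithm A1/A2 (assumption: HMAC-SHA256)."""
    return hmac.new(key, random_number, hashlib.sha256).digest()


class CentralComputer:
    def __init__(self, user_keys):
        self.user_keys = dict(user_keys)  # user identity -> per-user secret
        self.pending = {}                 # user identity -> outstanding random number

    def access_request(self, user: str) -> bytes:
        self.pending[user] = secrets.token_bytes(16)
        return self.pending[user]

    def permit(self, user: str, result: bytes) -> bool:
        challenge = self.pending.pop(user, None)  # each random number is single-use
        if challenge is None or user not in self.user_keys:
            return False
        return hmac.compare_digest(a_user(self.user_keys[user], challenge), result)


class ESProgram:
    """Item 3(i): returns the encrypted command for a product's random number."""

    def __init__(self, key: bytes):
        self._key = key

    def encrypted_command(self, random_number: bytes) -> bytes:
        return a_user(self._key, random_number)


def product_enabled(es: ESProgram, key_in_product: bytes) -> bool:
    """The running product compares the ES answer with its own A2 result."""
    rnd = secrets.token_bytes(16)
    return hmac.compare_digest(es.encrypted_command(rnd), a_user(key_in_product, rnd))


def demo() -> dict:
    key = secrets.token_bytes(32)  # constructed per-user secret
    central = CentralComputer({"user-1": key})
    es = ESProgram(key)
    # Item 2: the EI program encrypts the central computer's random number.
    result = a_user(key, central.access_request("user-1"))
    ei_access = central.permit("user-1", result)
    replayed = central.permit("user-1", result)  # no outstanding random number
    # Third embodiment: A1 == A2, so the ES program behind a thin network
    # interface produces the rightful user's encrypted identity.
    es_as_ei = central.permit(
        "user-1", es.encrypted_command(central.access_request("user-1")))
    stranger = ESProgram(secrets.token_bytes(32))  # ES program built for another user
    other_es = central.permit(
        "user-1", stranger.encrypted_command(central.access_request("user-1")))
    return {"ei_access": ei_access, "replayed": replayed, "es_as_ei": es_as_ei,
            "other_es": other_es, "product_enabled": product_enabled(es, key)}
```

The es_as_ei result is the deterrent the third embodiment relies on: giving away the ES program gives away the means to operate the rightful user's account.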

In addition, according to another embodiment of the present invention, the software and ES program for use on a particular user's computer include an identity of its rightful user, so as to facilitate legal action against piracy. Further, the ES program accesses each software stored in the computer on which it runs, by using a particular DOS service for loading a program from harddisk to RAM, for such an identity therein; if any software is found to have an identity not identical to that of the ES program, the ES program will inhibit use of all software under its control, including itself, on the computer. Such identities may be stored in a predetermined location of the software, and are protected from being altered by having an encrypted one stored in another location in each software, and said another location differs from one another in different software so that it would not be discovered and altered. And, each such software, when executed, will automatically check the unencrypted identity stored therein against the encrypted one; if they are not identical, the software will fail to operate. The identity or encrypted identity of the rightful user is included into each one of the software by the central computer at the time when the central computer is to supply the same to the user computer. Further, to prevent the ES program from mistakenly regarding a software which is stored in the computer and which is not supplied from the central computer as a software under its control, the central computer may include information in a predetermined location of the software for indicating this fact to the ES program, and each one of the software will not operate if, when being executed, it finds the information therein altered.



